Lux Brows & Lashes – Effective: 1 March 2020
Lux is bound by the Commonwealth Privacy Act 1988 (including the National Privacy Principles) (“Privacy Act”), and as such, this policy has been drafted in accordance to the principles concerning the protection of your personal information.
1.1 Lux will only collect Personal Information where the information is necessary for Lux to perform one or more of its functions or activities. In this context, “collect” means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.
1.2 Lux collects Personal Information primarily to supply customers with the products and services ordered. Lux also collects and uses Personal Information for secondary purposes including (but not limited to):
• billing and account management.
• business planning and product development; and
• to provide individuals with information about promotions, as well as the products and services of other
Lux companies and other organisations.
1.3 Lux will take reasonable steps to notify individuals (including, but not limited to, our customers) of the matters listed below at or before collecting any personal information. This includes if the information is collected from someone else.
• the purpose for which we are collecting the information.
• our identity and how individuals can contact us, if this is not obvious.
• that individuals can access the personal information that Lux holds about them.
• that individuals should contact us if wish to access or correct personal information collected by us or have any concerns in relation to personal information; the organisations or types of organisations to whom we
usually disclose the personal information including related bodies corporates and contractors; where applicable, any law that requires the personal information to be collected;
• the consequences (if any) for the individual if all or part of the personal information is not provided to Lux.
1.4 Where it is not practicable for Lux to notify individuals of all the Collection Information before the collection of Personal Information, Lux will ensure that individuals are notified of the Collection Information as soon as possible after the collection.
1.5 Lux will collect personal information only by lawful and fair means and not in an unreasonably intrusive way. Where possible, Lux will collect Personal Information about that Individual from that Individual.
2.0 Use and Disclosure
2.1 Lux will not use or disclose personal information about an individual for a purpose (secondary purpose) other
than the primary purpose of collection unless:
• the individual has consented to the use or disclosure; or
• the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection and the individual would reasonably expect Lux to use or disclose the information for the secondary purpose.
2.2 Lux Uses Personal Information primarily for the purposes listed in 1.2 above.
2.3 If Lux conducts any Direct Marketing to individuals it will ensure that:
• the individual has not made a request to Lux not to receive direct marketing communications.
• the individual is clearly notified of their right to Opt Out from further Direct Marketing.
• there is only one Use of the information before the Opt Out right is given
• the individual is given an Opt Out in all further instances of Direct Marketing if they have not previously chosen to Opt Out; and
• if the individual Opts Out of all Direct Marketing the Opt Out will be respected by Lux.
2.4 Lux may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities.
2.5 Lux may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual. This will include obtaining the individual’s consent for Disclosures made under the credit reporting requirements of the Privacy Act.
2.6 Lux may Disclose Personal Information to law enforcement agencies, government agencies, courts or external advisers where permitted or required by law.
2.7 If a Disclosure is not for a Primary Purpose; is not for a related Secondary Purpose; or upfront consent has not been obtained, Lux will not Disclose Personal Information otherwise than in accordance with the exceptions set out at 2.5 to 2.7 above.
2.8 Lux will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.
2.9 Lux does not generally sell or share its customer lists on a commercial basis with third parties but if it did, it would only do so if we had the appropriate consent of the individual involved.
3.0 Information quality
3.1 Lux will take reasonable steps to ensure that the information it collects, uses and discloses is accurate, complete and up to date.
4.0 Information security
4.1 Lux requires employees and contractors to perform their duties in a manner that is consistent with Lux’ legal responsibilities in relation to privacy.
4.2 Lux will take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by employees of the company for the sole purpose of performing their job.
4.3 Lux will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities can be achieved and maintained.
4.4 Lux will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
5.1 Lux’ Privacy Officer will be the first point of contact for inquiries about privacy issues. Individuals wishing to make an inquiry or complaint regarding privacy should do so by contacting Lux’ Privacy Officer.
5.4 On request by a person, Lux will take reasonable steps to let the person know, generally, the sort of personal information it holds, for what purpose, and how it collects, holds, uses and discloses that information.
6.0 Access and correction
6.1 Lux will allow its records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
6.2 Lux will correct its records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
6.3 Individuals wishing to lodge a request to access and/or correct their Personal Information should do so by contacting Lux’ Privacy Officer.
6.4 Lux may charge a fee for processing an access request.
7.0 Anonymous transactions
7.1 Lux will not make it mandatory for visitors to its web sites to provide Personal Information.
8.0 Transferring personal information overseas
8.1 Lux will only send Personal Information to an unrelated organisation overseas where:
• the individuals has provided consent to the transfer; or
• the transfer is necessary for the performance of a contract between the individual and the organisation;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organisation and a third party; or
• the transfer is for the benefit of the individual was impracticable to obtain the consent of the individual prior to that transfer and if it were practicable to obtain such consent, the individual would be likely to give the consent.
“Collect” means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.
”Collection Information” means the information outlined in 1.3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information.
”Direct Marketing” means the marketing of goods or services through means of communication including written, verbal or electronic means. ”Disclosure” generally means the release of information outside Lux. “Individuals” includes any natural persons and legal entity as defined by the Corporations Act. ”Opt Out” means an individual’s expressed request not to receive further Direct Marketing.
”Personal Information” means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
”Primary Purpose” is the dominant or fundamental reason for information being collected in a particular transaction.
“Privacy Act” means the Commonwealth Privacy Act 1988 (including the National Privacy Principles).
”Reasonable Expectation” means a reasonable individual’s expectation that their personal information might be
Used or Disclosed for the particular purpose.
”Use” means the handling of Personal Information within Lux.
Name: Kim Evans